In communication systems, a standard cryptographic method to ensure the integrity and authenticity of exchanged messages is to add a message counter and a message authentication code (MAC) to each message. In many cases, many such MACs must be calculated for similar messages. For example, it is common to include a receiver ID in the message. If a device wants to send a broadcast message to many receivers, it is reasonable to assume that most of the message will stay the same but the receiver ID will change. Other possible low-entropy parts are the aforementioned counter, or the sender ID if there is a small set of expected senders. In the conventional approach, a MAC needs to be computed for every outgoing message. This might not be feasible on constrained devices, such as devices with limited processing capability, limited memory, or limited storage.
Further, when the bandwidth of communication channels is very low or must be used sparingly, a standard optimization technique is to send only a fixed selection of the MAC bits.
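The conventional scheme described above, shown as an added example that is not part of the original text: a sender computes one truncated MAC per receiver for a broadcast, and a receiver checks the tag, the receiver ID, and the counter. The shared group key, HMAC-SHA-256, the header layout, the choice of the leftmost 64 bits as the fixed selection, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HHI")  # assumed layout: sender ID, receiver ID, counter
TAG_BYTES = 8                   # assumed fixed selection: leftmost 64 of 256 MAC bits


def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Compute the full HMAC-SHA-256 and keep only the fixed selection of bits."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_BYTES]


def build_message(key, sender_id, receiver_id, counter, payload):
    header = HEADER.pack(sender_id, receiver_id, counter)
    return header + payload + _tag(key, header, payload)


def broadcast(key, sender_id, receiver_ids, counter, payload):
    # Conventional approach: one complete MAC computation per receiver,
    # although only the 2-byte receiver ID differs between the messages.
    return {rid: build_message(key, sender_id, rid, counter, payload)
            for rid in receiver_ids}


class Receiver:
    def __init__(self, key: bytes, my_id: int):
        self.key = key
        self.my_id = my_id
        self.last_counter = {}  # highest accepted counter per sender ID

    def accept(self, msg: bytes):
        """Return the payload if the message is authentic and fresh, else None."""
        if len(msg) < HEADER.size + TAG_BYTES:
            return None
        header, payload, tag = (msg[:HEADER.size],
                                msg[HEADER.size:-TAG_BYTES], msg[-TAG_BYTES:])
        # Verify the truncated tag in constant time before trusting any field.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            return None
        sender_id, receiver_id, counter = HEADER.unpack(header)
        if receiver_id != self.my_id:
            return None  # authentic, but addressed to another receiver
        if counter <= self.last_counter.get(sender_id, -1):
            return None  # replayed or stale counter
        self.last_counter[sender_id] = counter
        return payload
```

Truncating the tag saves bandwidth but not computation: the sender still runs the full MAC once per receiver, and a shorter tag lowers the work needed to guess a valid one.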